Adobe Experience Manager Sites & More

Jagadeesh_Prakash · 6/15/24

Hi All,

I have ~800 user groups which I need to take a back up from AEMaaCS using acl-packager ( refer below url )

https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.ht...

I am trying to copy past the groups 1 by 1 into the package definition. But it's not worth doing it. Is there any automated way to create the ACL package programatically ?

Any suggestions are appreciated. Thank you in advance.

arunpatidar · 6/18/24

Hi @Jagadeesh_Prakash

This is very basic example of a groovy

import com.day.cq.security.util.AuthorizableUtil
import org.apache.jackrabbit.vault.fs.api.PathFilterSet
import org.apache.jackrabbit.vault.packaging.JcrPackage
import org.apache.jackrabbit.vault.packaging.JcrPackageDefinition
import org.apache.jackrabbit.vault.packaging.PackageManager
import org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl
import javax.jcr.Session

def session = repository.loginService("readService", null) // Use service user for security best practices
def packageManager = new JcrPackageManagerImpl(session)
def packageName = "acl-package"
def packageGroup = "my-packages"
def packageVersion = "1.0"

// Create package path
def packagePath = "/etc/packages/${packageGroup}/${packageName}-${packageVersion}.zip"

// Create a new package
JcrPackage jcrPackage = packageManager.create(packageGroup, packageName, packageVersion)
JcrPackageDefinition packageDefinition = jcrPackage.getDefinition()
packageDefinition.set("description", "Package containing ACLs and content")

// Create filter to include nodes and ACLs
def filter = packageDefinition.getMetaInf().getFilter()

// Paths to include
def paths = ["/home/users", "/home/groups"]
def contentPath = "/content"

// Add paths to the filter
paths.each { path ->
    def filterSet = new PathFilterSet(path)
    filter.add(filterSet)
    
    // Include ACLs for each path
    def aclFilterSet = new PathFilterSet(path + "/rep:policy")
    filter.add(aclFilterSet)
}

// Include ACLs for the /content section for those groups
def groupManager = session.getUserManager().getGroupManager()
def allGroups = groupManager.findAuthorizables("rep:groupId", "*", AuthorizableType.GROUP)
allGroups.each { group ->
    def groupId = group.getID()
    def groupAclPath = "${contentPath}/rep:policy/rep:principalName/${groupId}"
    if (session.itemExists(groupAclPath)) {
        def contentAclFilterSet = new PathFilterSet(groupAclPath)
        filter.add(contentAclFilterSet)
    }
}

// Save the package
jcrPackage.save(session)
session.save()
session.logout()

println "ACL package created successfully at ${packagePath}"

Arun Patidar

View solution in original post

gkalyan · 6/15/24

@Jagadeesh_Prakash

I haven't done this myself but found this article where there is python script to do this. Check this link out which might be helpful to you.

https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-16448

Jagadeesh_Prakash · 6/17/24

@gkalyan I got it but I have ~500 + user groups. So Its bit hard for me to execute and find the path and do the package. Rather I use acl-package instead. Anyways thank you

arunpatidar · 6/17/24

Hi @Jagadeesh_Prakash
Maybe ACL packager help?

https://adobe-consulting-services.github.io/acs-aem-commons/features/packagers/acl-packager/index.ht...

Arun Patidar

gkalyan · 6/17/24

@arunpatidar

It looks like @Jagadeesh_Prakash already using ACL packager.

arunpatidar · 6/17/24

Hi @gkalyan
Sorry, I overlooked.

@Jagadeesh_Prakash if yo have a groovy script enabled then you can use groovy to create package with any definition/paths.

Arun Patidar

Jagadeesh_Prakash · 6/17/24

@arunpatidar Yes that's the option I was looking at. But you have any sample with that can you post it here. Or else once I am done with the groovy I will post it as well.

arunpatidar · 6/18/24

Hi @Jagadeesh_Prakash

This is very basic example of a groovy

import com.day.cq.security.util.AuthorizableUtil
import org.apache.jackrabbit.vault.fs.api.PathFilterSet
import org.apache.jackrabbit.vault.packaging.JcrPackage
import org.apache.jackrabbit.vault.packaging.JcrPackageDefinition
import org.apache.jackrabbit.vault.packaging.PackageManager
import org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl
import javax.jcr.Session

def session = repository.loginService("readService", null) // Use service user for security best practices
def packageManager = new JcrPackageManagerImpl(session)
def packageName = "acl-package"
def packageGroup = "my-packages"
def packageVersion = "1.0"

// Create package path
def packagePath = "/etc/packages/${packageGroup}/${packageName}-${packageVersion}.zip"

// Create a new package
JcrPackage jcrPackage = packageManager.create(packageGroup, packageName, packageVersion)
JcrPackageDefinition packageDefinition = jcrPackage.getDefinition()
packageDefinition.set("description", "Package containing ACLs and content")

// Create filter to include nodes and ACLs
def filter = packageDefinition.getMetaInf().getFilter()

// Paths to include
def paths = ["/home/users", "/home/groups"]
def contentPath = "/content"

// Add paths to the filter
paths.each { path ->
    def filterSet = new PathFilterSet(path)
    filter.add(filterSet)
    
    // Include ACLs for each path
    def aclFilterSet = new PathFilterSet(path + "/rep:policy")
    filter.add(aclFilterSet)
}

// Include ACLs for the /content section for those groups
def groupManager = session.getUserManager().getGroupManager()
def allGroups = groupManager.findAuthorizables("rep:groupId", "*", AuthorizableType.GROUP)
allGroups.each { group ->
    def groupId = group.getID()
    def groupAclPath = "${contentPath}/rep:policy/rep:principalName/${groupId}"
    if (session.itemExists(groupAclPath)) {
        def contentAclFilterSet = new PathFilterSet(groupAclPath)
        filter.add(contentAclFilterSet)
    }
}

// Save the package
jcrPackage.save(session)
session.save()
session.logout()

println "ACL package created successfully at ${packagePath}"